[Samba] Schema modification with auxiliary class vs builtin class and vbscript
Hello The situation is the following : I've successfully created an auxiliary class with an attribute by following this method : http://semifershome.free.fr/semifer/index.php?2008/02/12/42-etendre-le-schema-active-directory-classes-attributs-et-display-specifiers The auxiliary class is allowedService and the attribute is allowedServiceAttribute. The following VB script for changing the attribute doesn't run for the bold line. The first time we run the script we have the following error but the value of allowedServiceAttribute is successfully setted: /Erreur : Cet objet ne gère pas cette propriété ou cette méthode allowedServiceAttribute/ But even if we run another time the script we have the following same message (so we can see the previous value). The VB Script (example script) -- dim args dim user dim temp set args = wscript.arguments set user = GetObject(args(0)) on error resume next *temp = InputBox(Service attribute : , , user.allowedServiceAttribute)* user.put allowedServiceAttribute, test value user.setinfo set user = Nothing set args = Nothing wscript.Quit -- Where I do not understand is that for another auxiliary class (PossixAccount) and another attribute (LoginShell) the bold line is ok : *temp = InputBox(Loginshell : , , user.LoginShell)* and we can see the previous value of LoginShell if we have already setted it. Here are the ldiff files of the auxiliary class and his attribute : dn: CN=allowedService, CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org mayContain: allowedServiceAttribute objectClass: top objectClass: classSchema defaultObjectCategory: CN=allowedService,CN=Schema,CN=Configuration,DC=sc,DC= isc84,DC=org defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCC DCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org schemaIDGUID:: ee+/vURt77+9H++/vUHvv73vv73nsJLvv70d77+9 subClassOf: top cn: allowedService objectClassCategory: 3 lDAPDisplayName: allowedService showInAdvancedViewOnly: TRUE distinguishedName: CN=allowedService,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org whenChanged: 20120824065037.0Z whenCreated: 20120823124813.0Z governsID: 1.2.840.113556.1.8000.2554.6382.11911.19017.19847.32977.12302487.3262913.1 adminDisplayName: allowedService objectGUID:: UB9G77+9GwoVTO+/vUjvv71s77+977+9 rDNAttID: uid uSNChanged: 7129 uSNCreated: 7110 instanceType: 4 adminDescription: allowedService name: allowedService dn: CN=allowedServiceAttribute, CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org objectClass: top objectClass: attributeSchema oMSyntax: 64 objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org isMemberOfPartialAttributeSet: TRUE schemaIDGUID:: 77+9GUrvv70WCu+/vUzvv71T77+976SjCu+/vQ== cn: allowedServiceAttribute isSingleValued: TRUE lDAPDisplayName: allowedServiceAttribute showInAdvancedViewOnly: TRUE searchFlags: 23 attributeID: 1.2.840.113556.1.8000.2554.6382.11911.19017.19847.32977.12302487.3262913.1.1 distinguishedName: CN=allowedServiceAttribute,CN=Schema,CN=Configuration,DC=sc,DC=isc84,DC=org whenChanged: 20120824065737.0Z whenCreated: 20120823124919.0Z msDS-IntId: -1322168606 adminDisplayName: allowedServiceAttribute objectGUID:: 77+9eTDvv73vv73vv70EQe+/vSwKXgRA77+9 attributeSyntax: 2.5.5.12 uSNChanged: 7133 uSNCreated: 7113 instanceType: 4 adminDescription: allowedServiceAttribute name: allowedServiceAttribute Any idea ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 how to provision as simply a member of a domain
Hi I want to try out the Samba 4 versions of smbd, nmbd and winbindd (not samba and not as a DC) on a box which I shall join to an existing domain. How do I provision it? Or don't I and just join it using samba tool domain join? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 how to provision as simply a member of a domain
On 24/08/12 09:28, steve wrote: Hi I want to try out the Samba 4 versions of smbd, nmbd and winbindd (not samba and not as a DC) on a box which I shall join to an existing domain. How do I provision it? Or don't I and just join it using samba tool domain join? Cheers, Steve Hi Steve, You could try 'net ads join', the net command is there in /usr/local/samba/bin and this is the command that would be used from a samba 3 domain member, but I must say that I haven't yet tried this. Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User profile service hangs, very slow logon after profile migration
I found a solution which solves my problem: Start on the client gpedit.msc Set maximum wait time for the network if a user has a roaming user profile or remote home folder setting and configure Wait for network for maximum option is 0 seconds under Computer Configuration\Policies\Administrative Templates\System\User Profiles. Activate Do not detect slow network connections under Computer Configuration\Administrative Templates\System\Logon This fixed my issue, the logon now takes roughly between 3-45 seconds depending on how much data is storred in the roaming profile. Regards, Mathias -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem in porting samba to HP-UX
Hi, I am a little new to samba. I am currently trying to port samba-3.6.6 to a HP-UX (11.31ia) machine. On compilation i get the following error. bugatti#make Using CFLAGS = -I../lib/zlib -AC99 -AC99 -I. -I/home/dheeraj/samba/samba-3.6.6/source3 -I/home/dheeraj/samba/samba-3.6.6/source3/../lib/popt -I/home/dheeraj/samba/samba-3.6.6/source3/../lib/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./librpc -I./.. -I./../lib/talloc -I../lib/tdb/include -DHAVE_CONFIG_H -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./librpc -I./.. -I./../lib/popt -DLDAP_DEPRECATED -I/home/dheeraj/samba/samba-3.6.6/source3/lib -I.. -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 PICFLAG= +z LIBS = -lsec -lnsl LDFLAGS= +z -L./bin DYNEXP = -Wl,-E,+b/usr/local/lib/hpux32:/usr/lib/hpux32:/usr/local/lib/hpux64:/usr/lib/hpux64 LDSHFLAGS = +z -b -Wl,-B,symbolic,-b -L./bin -lc SHLIBEXT = so SONAMEFLAG = -Wl,+h, creating /home/dheeraj/samba/samba-3.6.6/source3/exports/libtalloc.syms Linking shared library bin/libtalloc.so.2 creating /home/dheeraj/samba/samba-3.6.6/source3/exports/libtdb.syms Linking shared library bin/libtdb.so.1 Compiling passdb/pdb_ldap.c passdb/pdb_ldap.c, line 1764: error #2029: expected an expression (ber_printf (ber, ts, LDAP_TAG_EXOP_MODIFY_PASSWD_ID, ^ passdb/pdb_ldap.c, line 1764: error #2018: expected a ) (ber_printf (ber, ts, LDAP_TAG_EXOP_MODIFY_PASSWD_ID, ^ passdb/pdb_ldap.c, line 1776: error #2029: expected an expression LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, ^ passdb/pdb_ldap.c, line 1776: error #2018: expected a ) LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, ^ 4 errors detected in the compilation of passdb/pdb_ldap.c. The following command failed: ) *** Error exit code 2 Stop. LDAP_TAG_EXOP_MODIFY_PASSWD_ID... is defined in /source3/include/smbldap.h. And it is rightly defined as of ber_tag_t type, the one that ber_printf expects. I have tried all the usual methods but the problem is not getting solved. Need some help! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] XP Pro client perm issues after joining samba domain
No takers? On Thu, Aug 23, 2012 at 10:44 AM, Chris Nighswonger cnighswon...@foundations.edu wrote: Samba: 3.6.6 PDC Client: XP Pro SP3 Background: 1. Started with a clean installation of XP Pro SP3 2. Joined the client to the samba domain 3. Logged in as user 'root' the first time after the join. 4. Added Domain Users group to the Local Admin group on the client (forget about the security implications for the moment) Now when a user (any user) logs on to the client and attempt to open Internet Explorer 8, Explorer promptly crashes. If the local administrator is logged into the client, Explorer works as expected. Everything else works fine for all users including both local resources and domain resources. This is happening on eight clients, all with clean installations of the OS. I'm suspecting this is a hidden permissions problem, but am really at a loss for where to start looking or debugging. Any help would be greatly appreciated. Kind Regards, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] XP Pro client perm issues after joining samba domain
On 8/24/12 7:42 AM, Chris Nighswonger cnighswon...@foundations.edu wrote: No takers? I googled for internet explorer crashes when administrator Figuring that samba wasn't to blame here. The first hit I got might be your cause.. (protected mode) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [SAMBA] shadow_copy2 is not working for me on samba 3.6.7 and btrfs volume
Hi, I'm running samba 3.6.7 on a linux server: root@SRVUBUNTU:/btrfs/samba/.btrfs# smbd -V Version 3.6.7 root@SRVUBUNTU:/btrfs/samba/.btrfs# uname -a Linux SRVUBUNTU 3.5.2 #1 SMP Fri Aug 17 15:26:57 CEST 2012 x86_64 x86_64 x86_64 GNU/Linux I have a base dir to share with samba on /btrfs/samba root@SRVUBUNTU:/btrfs/samba# ls -l total 0 -rw-r--r-- 1 root root 0 Aug 24 13:07 a -rw-r--r-- 1 root root 0 Aug 24 13:07 b My snapshots are stored inside this basedir in the folder .btrfs root@SRVUBUNTU:/btrfs/samba/.btrfs# ls -l total 0 drwxr-xr-x 1 root root 12 Aug 24 13:15 @GMT-2012.08.24-15.15.25 drwxr-xr-x 1 root root 16 Aug 24 13:07 @GMT-2012.08.24-15.26.40 This is my smb.conf --- [data] vfs objects = shadow_copy2 shadow:snapdir = /btrfs/samba/.btrfs shadow:basedir = /btrfs/samba read only = no path = /btrfs/samba/ browsable = yes guest ok = yes follow symlinks = yes wide links = yes unix extensions = no I can't see the snapshots in previous versions, however I can navigate/browse inside the windows 7 client to the (hidden) snapshot directory, so it seems not to be a permission issue. This worked previously fine for me on a freebsd server with zfs volumes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permissions incorrectly ordered on Windows after disabling inheritance
Hi everyone, I've noticed a problem with Debian wheezy + samba 3.6.6 configured with acl_xattr in my configuration. The following test sequence causes Windows Explorer to report incorrectly ordered permission entries: 1) Map a share as with admin user credentials to a drive letter on a Windows client 2) Create a folder at the root of the share rootfolder 3) Create a subfolder subfolder1 under rootfolder 4) Un-check Include inheritable permissions from this object's parent in the windows security settings dialog for Windows Explorer on the root folder 5) Create a subfolder subfolder2 under subfolder1 6) Right-click with Windows Explorer and attempt to edit the permissions of subfolder2. Windows Explorer pops up a message stating The permissions on subfolder2 are incorrectly ordered, which may cause some entries to be ineffective. This is reproducible on every Windows client system I've tried including Windows 7, XP, Server 2008 R2 and Server 2003. When incorrectly ordered, the permissions look like this as printed by smbcacls smbcacls //localhost/20120821_3 rootfolder/subfolder1/subfolder2 REVISION:1 CONTROL:0x8004 OWNER:BIZNAS-H5\admin GROUP:BIZNAS-H5\None ACL:BIZNAS-H5\admin:ALLOWED/0x0/RWXDPO ACL:Creator Owner:ALLOWED/OI|CI|IO|I/RWXDPO ACL:BIZNAS-H5\None:ALLOWED/0x0/RWXDPO ACL:Creator Group:ALLOWED/OI|CI|IO|I/RWXDPO ACL:Everyone:ALLOWED/OI|CI|I/RWXDPO For comparison, here is the same subfolder tree without performing step 4 above to un-check the Include inheritable perimssions box from Windows explorer: smbcacls //localhost/20120821_3 rootfolder/subfolder1/subfolder2 REVISION:1 CONTROL:0x8004 OWNER:BIZNAS-H5\admin GROUP:BIZNAS-H5\None ACL:BIZNAS-H5\admin:ALLOWED/0x0/RWXDPO ACL:Creator Owner:ALLOWED/OI|CI|IO/RWXDPO ACL:BIZNAS-H5\None:ALLOWED/0x0/RWXDPO ACL:Creator Group:ALLOWED/OI|CI|IO/RWXDPO ACL:Everyone:ALLOWED/OI|CI/RWXDPO admin@BizNAS-H5:/mnt/lvol0$ Note that the ACE entries are in the same order, however in the first case where Windows reports incorrectly ordered ACE's Creator Owner, Creator Group and Everyone ACE's include the I flag SEC_ACE_FLAG_INHERITED_ACE The share folder, rootfolder and subfolder1 permissions are as shown below (steps 1 through 3) smbcacls //localhost/20120821_3 rootfolder/.. REVISION:1 CONTROL:0x8004 OWNER:BIZNAS-H5\nobody GROUP:Unix Group\root ACL:BIZNAS-H5\nobody:ALLOWED/0x0/FULL ACL:Unix Group\%naslocal%:ALLOWED/0x0/FULL ACL:Unix Group\root:ALLOWED/0x0/FULL ACL:BIZNAS-H5\admin:ALLOWED/0x0/FULL ACL:Everyone:ALLOWED/0x0/ ACL:Creator Owner:ALLOWED/OI|CI|IO/RWXDPO ACL:Creator Group:ALLOWED/OI|CI|IO/RWXDPO ACL:Everyone:ALLOWED/OI|CI|IO/RWXDPO smbcacls //localhost/20120821_3 rootfolder REVISION:1 CONTROL:0x8004 OWNER:BIZNAS-H5\admin GROUP:BIZNAS-H5\None ACL:BIZNAS-H5\admin:ALLOWED/0x0/RWXDPO ACL:Creator Owner:ALLOWED/OI|CI|IO/RWXDPO ACL:BIZNAS-H5\None:ALLOWED/0x0/RWXDPO ACL:Creator Group:ALLOWED/OI|CI|IO/RWXDPO ACL:Everyone:ALLOWED/OI|CI/RWXDPO admin@BizNAS-H5:/mnt/lvol0$ smbcacls //localhost/20120821_3 rootfolder/subfolder1 REVISION:1 CONTROL:0x8004 OWNER:BIZNAS-H5\admin GROUP:BIZNAS-H5\None ACL:BIZNAS-H5\admin:ALLOWED/0x0/RWXDPO ACL:Creator Owner:ALLOWED/OI|CI|IO/RWXDPO ACL:BIZNAS-H5\None:ALLOWED/0x0/RWXDPO ACL:Creator Group:ALLOWED/OI|CI|IO/RWXDPO ACL:Everyone:ALLOWED/OI|CI/RWXDPO Note that in each case flags OI|CI|IO are set on Creator Owner, Creator Group and Everyone ACE's, however corresponding subfolders do not have the I flag and SEC_ACE_FLAG_INHERITED_ACE set. I would have expected this to be set for each inherited permission. Indeed Windows explorer does mark these permissions as Inherited From Z:\ where Z:\ is the mapped share folder. The value of subfolder1 after step 4 is: smbcacls //localhost/20120821_3 rootfolder/subfolder1 REVISION:1 CONTROL:0x8d04 OWNER:BIZNAS-H5\admin GROUP:BIZNAS-H5\None ACL:BIZNAS-H5\admin:ALLOWED/I/RWXDPO ACL:Creator Owner:ALLOWED/OI|CI|IO|I/RWXDPO ACL:BIZNAS-H5\None:ALLOWED/I/RWXDPO ACL:Creator Group:ALLOWED/OI|CI|IO|I/RWXDPO ACL:Everyone:ALLOWED/OI|CI|I/RWXDPO Note that when un-checking Include inheritable permissions and adding existing permissions using Windows Explorer, Windows forces the I SEC_ACE_FLAG_INHERITED_ACE flag on subfolder1 (and all subdirectories below rootfolder) ACE's including the ACE entries admin and None which were actually not inherited but created through the Creator Owner ACE. When viewing Advanced Security Settings on a folder with incorrectly ordered permissions, Windows provides a reorder option. Reordering the ACE's results in the following permissions: smbcacls //localhost/20120821_3 rootfolder/subfolder1/subfolder2 REVISION:1 CONTROL:0x8d04 OWNER:BIZNAS-H5\admin GROUP:BIZNAS-H5\None ACL:BIZNAS-H5\admin:ALLOWED/0x0/RWXDPO ACL:BIZNAS-H5\None:ALLOWED/0x0/RWXDPO ACL:BIZNAS-H5\admin:ALLOWED/I/RWXDPO ACL:Creator Owner:ALLOWED/OI|CI|IO|I/RWXDPO ACL:BIZNAS-H5\None:ALLOWED/I/RWXDPO ACL:Creator Group:ALLOWED/OI|CI|IO|I/RWXDPO ACL:Everyone:ALLOWED/OI|CI|I/RWXDPO Note
Re: [Samba] XP Pro client perm issues after joining samba domain
On Fri, Aug 24, 2012 at 7:54 AM, Tom Ryan tomr...@camlaw.rutgers.eduwrote: I googled for internet explorer crashes when administrator Figuring that samba wasn't to blame here. The first hit I got might be your cause.. (protected mode) Your right, Tom, it turned out not to be a samba problem at all, but your reply headed me off in the right direction. Being a *nix guru, I forget that win32 does have a few logs. A look at the system log showed that the latest version of Avast's AWS service was crashing IE8. Removing the Browser Protection module corrected the problem. Interestingly enough, IE8 appears to be the only browser affected this way. Incidentally, AFAICT there is no protected mode for IE8 installed on XP. Thanks again for helping break me loose on this! Kind Regards, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] migration from windows 2003 DC to samba4 DC
hello everyone. i am Planning migrating my microsoft infrastructure to linux gradually. i successfully migrated Fileserver, Virtualization, Proxy. now my goal is to replace my domain controller holding 2003 server. i have a mix client (33 clients) infrastructure including, WindowXP, 2003 Memeber server and Windows 7 while all are memeber of domain with default GPO, though i wanted to use GPOs in future via samba4, here is the detail of my domain controller, 1. 2003 Active directory 2. active directory integrated DNS with DNS forwarder. 3. DHCP. so my questions are. As per my understanding with DC . i can use ADC for failover. - is it possible to install samba DC as an ADC and later promoted to DC? - is there any one has migrated windows DC to SAMBA DC. what was his/her strategy/experience (any suggestions would be appreciated). - can anyone please tell me about the stability of SAMBA4. with his personal experience , since it is in beta stage? because my 2003 DC server is in production and i don't have a clue that beta is a better way to go in production or not. my requirement with samba4 after migration are. 1. DC 2. Integrated DNS so that when ever host join's. DNS records and other updates in AD should be done by it self. (same ad windows AD) 3. DHCP 4. Group policy implementation. BTW, i am using 2.7 SAMBA as file sharing server integrated with 2003 AD. so is it going to effect the migration or not? or samba 2.7 with consider SAMBA4 machine as an old DC. Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.3 and DOS read only
All, Sorry for not following up. Crazy week. Anyway, the username parameter should have been valid users. I just took it out, since my test share is not browseable. I also upped log level to 4. I do not get any log entry at all when trying to set the DOS RO attribute, and the unix permissions do not get changed. The log for my test session is below. Thanks, Jim [2012/08/24 14:12:09, 3] param/loadparm.c:5982(lp_load_ex) lp_load_ex: refreshing parameters Initialising global parameters [2012/08/24 14:12:09, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file /etc/opt/samba/sgpkg1/sgpkg1.conf [2012/08/24 14:12:09, 3] param/loadparm.c:4658(do_section) Processing section [global] doing parameter lock directory = /var/opt/samba/sgpkg1/locks doing parameter private dir = /var/opt/samba/sgpkg1/private doing parameter pid directory = /var/opt/samba/sgpkg1/locks doing parameter state directory = /var/opt/samba/sgpkg1/locks doing parameter cache directory = /var/opt/samba/sgpkg1/locks doing parameter include = /etc/opt/samba/sgpkg1/sgpkg1.conf.%m [2012/08/24 14:12:09, 2] param/loadparm.c:4112(handle_include) Can't find include file /etc/opt/samba/sgpkg1/sgpkg1.conf.clientip doing parameter socket address = serverip doing parameter interfaces = serverip doing parameter bind interfaces only = yes doing parameter max log size = 1000 doing parameter username map = /etc/opt/samba/sgpkg1/smbusers.map doing parameter security = domain doing parameter local master = no doing parameter password server = server list doing parameter wins server = server list doing parameter dns proxy = yes doing parameter encrypt passwords = yes doing parameter smb passwd file = /var/opt/samba/sgpkg1/private/smbpasswd doing parameter preserve case = yes doing parameter short preserve case = yes doing parameter dos filetime resolution = yes doing parameter read only = no doing parameter syslog = 0 doing parameter kernel oplocks = no doing parameter oplocks = no doing parameter level2 oplocks = no doing parameter guest account = smbguest doing parameter use mmap = no doing parameter unix extensions = no [2012/08/24 14:12:09, 2] param/loadparm.c:4675(do_section) Processing section [vob_storage] doing parameter path = /vob_storage doing parameter create mask = 0775 doing parameter directory mask = 0775 doing parameter oplocks = no doing parameter force group = group1 doing parameter map archive = no doing parameter map hidden = no [2012/08/24 14:12:09, 2] param/loadparm.c:4675(do_section) Processing section [view_storage] doing parameter path = /view_storage doing parameter create mask = 0775 doing parameter directory mask = 0775 doing parameter oplocks = no doing parameter force group = group1 doing parameter map archive = no doing parameter map hidden = no [2012/08/24 14:12:09, 2] param/loadparm.c:4675(do_section) Processing section [build_storage] doing parameter path = /build_storage doing parameter create mask = 0775 doing parameter directory mask = 0775 doing parameter oplocks = no doing parameter force group = group1 doing parameter map archive = no doing parameter map hidden = no [2012/08/24 14:12:09, 2] param/loadparm.c:4675(do_section) Processing section [developer_views] doing parameter path = /developer_views doing parameter create mask = 0775 doing parameter directory mask = 0775 doing parameter oplocks = no doing parameter force group = group1 doing parameter map archive = no doing parameter map hidden = no [2012/08/24 14:12:09, 2] param/loadparm.c:4675(do_section) Processing section [proj1data01] doing parameter path = /proj1data01 doing parameter create mask = 0775 doing parameter directory mask = 0775 doing parameter oplocks = no doing parameter map archive = no doing parameter map hidden = no [2012/08/24 14:12:09, 2] param/loadparm.c:4675(do_section) Processing section [proj1lib] doing parameter path = /proj1lib doing parameter create mask = 0775 doing parameter directory mask = 0775 doing parameter oplocks = no doing parameter map archive = no doing parameter map hidden = no [2012/08/24 14:12:09, 2] param/loadparm.c:4675(do_section) Processing section [Test] doing parameter comment = Setup to test dos RO attribute doing parameter browseable = No doing parameter path = /home/jim doing parameter writeable = yes doing parameter ea support = no doing parameter store dos attributes = no doing parameter map readonly = yes doing parameter dos filemode = yes [2012/08/24 14:12:09, 4] param/loadparm.c:6017(lp_load_ex) pm_process() returned Yes [2012/08/24 14:12:09, 3] param/loadparm.c:3119(lp_add_ipc) adding IPC service [2012/08/24 14:12:09, 3] printing/pcap.c:136(pcap_cache_reload) reloading printcap cache [2012/08/24 14:12:09, 3] printing/print_svid.c:66(sysv_cache_reload) Scheduler is not
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f83521a lib/param: fix usage of 'write list = +Group' from cbecd15 s3: fix compile warning on openindiana http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f83521a4ca26c8b14af1c407c49426d8dd8179f7 Author: Stefan Metzmacher me...@samba.org Date: Thu Aug 23 15:32:05 2012 +0200 lib/param: fix usage of 'write list = +Group' metze Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Fri Aug 24 11:28:17 CEST 2012 on sn-devel-104 --- Summary of changes: lib/param/loadparm.c | 10 -- 1 files changed, 8 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 4751a06..3814087 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -1355,13 +1355,19 @@ static bool set_variable(TALLOC_CTX *mem_ctx, int parmnum, void *parm_ptr, char **new_list = str_list_make(mem_ctx, pszParmValue, NULL); for (i=0; new_list[i]; i++) { - if (new_list[i][0] == '+' new_list[i][1]) { + if (*(const char ***)parm_ptr != NULL + new_list[i][0] == '+' + new_list[i][1]) + { if (!str_list_check(*(const char ***)parm_ptr, new_list[i][1])) { *(const char ***)parm_ptr = str_list_add(*(const char ***)parm_ptr, new_list[i][1]); } - } else if (new_list[i][0] == '-' new_list[i][1]) { + } else if (*(const char ***)parm_ptr != NULL + new_list[i][0] == '-' + new_list[i][1]) + { str_list_remove(*(const char ***)parm_ptr, new_list[i][1]); } else { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ced27e1 s3:lib: make sure we don't try to send messages to server_id's marked as disconnected via 1f7eac9 s3:lib: remove unused processes_exist() via 9529301 s3:lib: readd the CTDB_CONTROL_CHECK_SRVIDS optimization to serverids_exist() via 18c6757 s3:lib: only loop over the server_ids we need to verify in serverids_exist() via 6c3c25b s3:lib: use server_id_is_disconnected() in serverids_exist() via dc7d0f6 s3:lib: inline processes_exist() into serverids_exist() via 84b5a5c s3:lib: SERVERID_UNIQUE_ID_NOT_TO_VERIFY only means not to verify the 'unique_id' part via 95f3662 lib/util: don't SMB_ASSERT() in process_exists_by_pid() via 0b5e354 s3:lib: implement process_exists() as wrapper of serverid_exists() via 774c284 s3:g_lock: use serverid_exists() with SERVERID_UNIQUE_ID_NOT_TO_VERIFY via 99b134a s3:lib: implement serverid_exists() as wrapper of serverids_exist() via 6145329 s3:lib: remove CTDB_CONTROL_CHECK_SRVIDS optimization in serverids_exist() for now from f83521a lib/param: fix usage of 'write list = +Group' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ced27e1c5de491b4bac6c7817e72816ab075ef32 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 21 14:14:40 2012 +0200 s3:lib: make sure we don't try to send messages to server_id's marked as disconnected metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Aug 24 15:54:48 CEST 2012 on sn-devel-104 commit 1f7eac907a04361abf89b12ab03284cf57fec0f5 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 22 13:30:22 2012 +0200 s3:lib: remove unused processes_exist() metze commit 9529301503c043aaf8d3c39d3b0f014aaa0cc123 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 24 09:05:06 2012 +0200 s3:lib: readd the CTDB_CONTROL_CHECK_SRVIDS optimization to serverids_exist() metze commit 18c6757dbb7ee0e6a4be15b0f2a3fec1f94ba518 Author: Stefan Metzmacher me...@samba.org Date: Thu Aug 23 09:03:36 2012 +0200 s3:lib: only loop over the server_ids we need to verify in serverids_exist() metze commit 6c3c25b5c1e4981687556b7a8e56c8460d69deb4 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 22 17:52:56 2012 +0200 s3:lib: use server_id_is_disconnected() in serverids_exist() metze commit dc7d0f688317593ffa58badcc0ed7b10b2047c5e Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 22 13:28:49 2012 +0200 s3:lib: inline processes_exist() into serverids_exist() metze commit 84b5a5cbcd5e1c9ff984cd37b35a67707ceb430b Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 21 12:57:28 2012 +0200 s3:lib: SERVERID_UNIQUE_ID_NOT_TO_VERIFY only means not to verify the 'unique_id' part It doesn't mean the the server_id is always valid. metze commit 95f3662bbd587af24c2ff5411318e9d466412ee9 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 22 17:52:01 2012 +0200 lib/util: don't SMB_ASSERT() in process_exists_by_pid() Just return false... metze commit 0b5e354080ae1990b1f8acc470bfbad3f92868b8 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 22 12:36:22 2012 +0200 s3:lib: implement process_exists() as wrapper of serverid_exists() The changes the behavior of process_exists() it checks the pid.unique_id now, if it's not SERVERID_UNIQUE_ID_NOT_TO_VERIFY. metze commit 774c28416bd05c66f398dfbc999cff0e209b3620 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 22 12:35:29 2012 +0200 s3:g_lock: use serverid_exists() with SERVERID_UNIQUE_ID_NOT_TO_VERIFY metze commit 99b134adbe6b02388665c3b34f00b6723f6a1120 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 22 12:07:02 2012 +0200 s3:lib: implement serverid_exists() as wrapper of serverids_exist() metze commit 6145329fcd7463279b3c497a7a5db5f4f6bd991e Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 22 12:02:43 2012 +0200 s3:lib: remove CTDB_CONTROL_CHECK_SRVIDS optimization in serverids_exist() for now This will be readded... metze --- Summary of changes: lib/util/util.c|4 +- source3/lib/g_lock.c | 11 ++- source3/lib/messages.c |4 + source3/lib/serverid.c | 214 +--- source3/lib/util.c | 86 +--- 5 files changed, 184 insertions(+), 135 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/util.c b/lib/util/util.c index 100d3d8..b50d28a 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -286,7 +286,9 @@ _PUBLIC_ bool process_exists_by_pid(pid_t pid) { /* Doing kill with a non-positive
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via aca444c Remove useless bool upper_case_domain parameter from ntv2_owf_gen(). via cbdf6c5 Remove useless bool upper_case_domain parameter. via 43870fb Move uppercasing the domain out of smb_pwd_check_ntlmv2() from ced27e1 s3:lib: make sure we don't try to send messages to server_id's marked as disconnected http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit aca444cbfc495831ab0a265214ed48be74560bf2 Author: Jeremy Allison j...@samba.org Date: Thu Aug 23 16:02:09 2012 -0700 Remove useless bool upper_case_domain parameter from ntv2_owf_gen(). The code in SMBNTLMv2encrypt_hash() should not be requesting case changes on the domain name. Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Aug 24 21:39:42 CEST 2012 on sn-devel-104 commit cbdf6c5c5135ce7d14ceff5d12b99428f4285e13 Author: Jeremy Allison j...@samba.org Date: Thu Aug 23 15:59:54 2012 -0700 Remove useless bool upper_case_domain parameter. commit 43870fb2c83c0fc70fb84b48dffe8f93bacf43c9 Author: Jeremy Allison j...@samba.org Date: Thu Aug 23 15:46:16 2012 -0700 Move uppercasing the domain out of smb_pwd_check_ntlmv2() Allows us to remove a silly bool parameter. Based on work done by Blohm, Guntram (I/FP-37, extern) extern.guntram.bl...@audi.de. --- Summary of changes: libcli/auth/ntlm_check.c | 41 + libcli/auth/proto.h |1 - libcli/auth/smbencrypt.c | 11 +-- 3 files changed, 22 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c index 9520d32..dc70957 100644 --- a/libcli/auth/ntlm_check.c +++ b/libcli/auth/ntlm_check.c @@ -87,7 +87,6 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, const uint8_t *part_passwd, const DATA_BLOB *sec_blob, const char *user, const char *domain, -bool upper_case_domain, /* should the domain be transformed into upper case? */ DATA_BLOB *user_sess_key) { /* Finish the encryption of part_passwd. */ @@ -122,7 +121,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, but for NTLMv2 it is meant to contain the current time etc. */ - if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) { + if (!ntv2_owf_gen(part_passwd, user, domain, kr)) { return false; } @@ -161,7 +160,6 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, const uint8_t *part_passwd, const DATA_BLOB *sec_blob, const char *user, const char *domain, - bool upper_case_domain, /* should the domain be transformed into upper case? */ DATA_BLOB *user_sess_key) { /* Finish the encryption of part_passwd. */ @@ -192,7 +190,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, client_key_data = data_blob_talloc(mem_ctx, ntv2_response-data+16, ntv2_response-length-16); - if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) { + if (!ntv2_owf_gen(part_passwd, user, domain, kr)) { return false; } @@ -297,6 +295,14 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, { const static uint8_t zeros[8]; DATA_BLOB tmp_sess_key; + const char *upper_client_domain = NULL; + + if (client_domain != NULL) { + upper_client_domain = talloc_strdup_upper(mem_ctx, client_domain); + if (upper_client_domain == NULL) { + return NT_STATUS_NO_MEMORY; + } + } if (stored_nt == NULL) { DEBUG(3,(ntlm_password_check: NO NT password stored for user %s.\n, @@ -349,13 +355,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, /* We have the NT MD4 hash challenge available - see if we can use it */ - DEBUG(4,(ntlm_password_check: Checking NTLMv2 password with domain [%s]\n, client_domain)); + DEBUG(4,(ntlm_password_check: Checking NTLMv2 password with domain [%s]\n, + client_domain ? client_domain : NULL)); if (smb_pwd_check_ntlmv2(mem_ctx, nt_response, stored_nt-hash, challenge, client_username, client_domain, -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b05d28e s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097) via 6460129 s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097) via 19daec6 s4:winbind: add a netlogon_queue (tevent_queue) via d4aa897 s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_req via 0ccdaa9 s4:winbind: convert wb_sam_logon_send/recv to tevent_req via d3756d8 s4:winbind: convert wb_sid2domain to tevent_req internally via 89a5a71 s4:librpc/rpc: don't do async requests if gensec doesn't support async replies (bug #9097) via 0bd0ad9 s4:librpc/rpc: also call dcerpc_schedule_io_trigger() after bind and alter_context responses via e44b5bd s4:librpc/rpc: use dcerpc_req_dequeue() in dcerpc_request_recv_data() via 81bc57d s4:librpc/rpc: use talloc_zero for 'struct rpc_request' via 28350ae libcli/smb: split out a smb_transport private library via 5eec19b libcli/smb: wscript_build = wscript from aca444c Remove useless bool upper_case_domain parameter from ntv2_owf_gen(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b05d28ebddb7ebd4f8e28a80489fceb8703a9868 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 24 17:42:18 2012 +0200 s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097) metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sat Aug 25 05:06:18 CEST 2012 on sn-devel-104 commit 646012954c4704375912ba2c049266f122c76f97 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 24 13:40:13 2012 +0200 s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097) metze commit 19daec6a95fd89b34f126118fcd3d3c4e7db72e6 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 24 13:39:14 2012 +0200 s4:winbind: add a netlogon_queue (tevent_queue) This will protect the netlogon_creds later. metze commit d4aa8978ccecc40e3fd4fb89e76199b82ddf87ff Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 24 17:39:58 2012 +0200 s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_req metze commit 0ccdaa940a80181d1f263386324668a0a715dbf9 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 24 13:15:42 2012 +0200 s4:winbind: convert wb_sam_logon_send/recv to tevent_req metze commit d3756d87389fb7111c35e1e01f23abfb13f814a7 Author: Stefan Metzmacher me...@samba.org Date: Thu Aug 23 13:14:17 2012 +0200 s4:winbind: convert wb_sid2domain to tevent_req internally The public wrapper still uses composite_context, because I don't have time to fix all the callers... metze commit 89a5a7165469da35f0f6c87c4c34579aa4f75531 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 24 08:29:21 2012 +0200 s4:librpc/rpc: don't do async requests if gensec doesn't support async replies (bug #9097) metze commit 0bd0ad967d1b5f82cbbd2df8fcb8a54d1ed5db40 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 24 08:27:47 2012 +0200 s4:librpc/rpc: also call dcerpc_schedule_io_trigger() after bind and alter_context responses metze commit e44b5bdb2cc756620517a7341e1ad81d606e359d Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 24 08:26:53 2012 +0200 s4:librpc/rpc: use dcerpc_req_dequeue() in dcerpc_request_recv_data() metze commit 81bc57d39536516d64fd59978e300d64eac1d97c Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 24 13:17:23 2012 +0200 s4:librpc/rpc: use talloc_zero for 'struct rpc_request' metze commit 28350aeaa19d419bfc8f2fef69b136f42a0234ae Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 10 12:34:59 2012 +0200 libcli/smb: split out a smb_transport private library metze commit 5eec19bc838a276eeea10ddedc50d5f0697f120e Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 10 12:38:41 2012 +0200 libcli/smb: wscript_build = wscript We'll need some configure checks in future. metze --- Summary of changes: libcli/smb/{wscript_build = wscript} | 21 +++- source4/librpc/rpc/dcerpc.c | 53 ++-- source4/winbind/wb_init_domain.c | 10 ++ source4/winbind/wb_irpc.c | 48 --- source4/winbind/wb_pam_auth.c | 21 ++-- source4/winbind/wb_sam_logon.c| 220 +++-- source4/winbind/wb_server.h |2 + source4/winbind/wb_sid2domain.c | 248 +++-- source4/winbind/wb_update_rodc_dns.c | 206 ++- 9 files changed, 564 insertions(+), 265 deletions(-) rename libcli/smb/{wscript_build = wscript} (58%) Changeset truncated at 500 lines: